Is there any known "escape shell" techniques on a IIS/ASP server ?

From: Frederic Charpentier (fcharpen@xmcopartners.com)
Date: Tue Jan 25 2005 - 11:50:54 EST

I'am seeking information, papers or codes about "escape shell" on ASP
technology.
I found a lot of stuffs about "escape shell" with PHP, but nothing
interresting about ASP.

The question is :
- If I'am allowed to upload ASP programs on a IIS server, am I able to
escape IIS to send commands to the system ?

Any informations will be greatly appreciated.

Fred. 

-- 
_______________________________________
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:15 EDT